Skip to main content
  1. Home
  2. Computing
  3. News

Virtually all banking web apps are vulnerable to hackers, study finds

Add as a preferred source on Google

Using a computer today feels a bit like walking through a minefield, at least when we are using them to access or share personal and sensitive information. That is particularly true for our financial information, where the wrong person getting access to our data could mean a whole lot of pain. According to a recent study, using our bank’s web application is one of the biggest mines that we probably don’t know about.

The news comes via security firm Positive Technologies, which looked at web application security in a recent report. The results are disturbing, to say the least, with every web application tested in 2017 having at least one vulnerability, and with 94 percent having at least one vulnerability that was characterized as “high-severity.”

Recommended Videos

According to Leigh-Anne Galloway, Positive Technologies’ cybersecurity resilience lead, “Web applications practically have a target painted on their back. A large number of unfixed, exploitable vulnerabilities is a windfall for hackers, who can use these flaws to steal sensitive information or access an internal network. Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code.”

The results were even worse when looking strictly at banking and finance web applications, which made up 46 percent of the test group. Every one of the banking and finance web applications covered in the report suffered from high-severity vulnerabilities. As the organization points out, these applications are also the most attractive to hackers and so their vulnerabilities are of particular concern.

Furthermore, the data shows that 87 percent of banking and government web applications are open to attacks against users, with cross-site scripting vulnerabilities present in 82 percent of the tested web applications. That makes them good targets for phishing attacks that can infect user PCs with malware.

Clearly, the banking industry has work to do to clean up its web applications. As always, the presence of these kinds of vulnerabilities serve as a reminder that we all need to be constantly vigilant in monitoring our financial data, because we never know which online transaction will be the one that opens us up to an attack.

Mark Coppock
Former Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Google’s new Magic Pointer Play Store listing reveals a Gemini shortcut built for Googlebooks
The unannounced app turns the cursor into a contextual AI tool for search, image creation, and shopping
Plant, Text, Business Card

Google has quietly published a new Play Store listing for Magic Pointer, an unannounced app built for Googlebooks. Updated on July 10, the app turns the cursor into a Gemini shortcut that can act on whatever a user selects on screen.

Magic Pointer can send an image to Lens, generate a related image, or surface a shopping action without forcing users to open a separate chatbot. Regular Android devices currently show as incompatible, so the listing offers an early preview rather than a broad release.

Read more
You can stop using AI, but this new report says you probably can’t escape it
A UK survey found that most people feel AI exposure is unavoidable, raising harder questions about consent, privacy, and whether opting out is still realistic
AI Chatbots

More people are trying to use less AI, but avoiding it altogether may already be impossible.

A survey of 2,055 UK adults found that 42% deliberately limit how much AI they use. Another 70% said avoiding AI exposure would be difficult or impossible, even when they actively wanted less of it.

Read more
The face on an AI interviewer may matter as much as the decision it makes
Researchers found that race and gender matching changed how fairly rejected applicants viewed an automated interview, even though everyone received the same outcome
File, Computer Hardware, Electronics

An AI hiring system can treat every applicant the same and still leave some people feeling targeted. Researchers found that rejected candidates judged an automated interview differently depending on the race and gender of the avatar delivering the result.

Around 220 participants completed a simulated interview for a fictional customer support role with one of four photorealistic AI avatars. Everyone was rejected, yet perceptions of fairness shifted with the interviewer’s appearance. An algorithm audit could miss that reaction because candidates don’t experience the system as raw code. They experience a face asking questions and judging their answers.

Read more